CORPORATE RESILIENCE A Primer on Business Continuity Protecting the Capability to Deliver Products & Services Under a Wide Range of Adverse Conditions.

2 CORPORATE RESILIENCE A Primer on Business Continuity Protecting the Capability to Deliver Products & Services Under a Wide Range of Adverse Conditions Rick Wilson

3 Presentation Overview
- Definitions & Objectives of a BCP
- Business Continuity Lifecycle
- Components of Business Continuity
- Embedding BCP In the Organization
- Participating in a BCP Exercise

4 Differentiating Disaster Recovery & Business Continuity
Disaster Recovery: Backups; Operational Level; Hardware; Storage Recovery; Telecommunications; Computer Recovery; Technical Performance; Single Discipline; Infrastructure Resilience
Business Continuity: Business Processes; Sr. Management Level; Products / People / Profits; Supply Chain Sustainability; Human Communications; Product / Service Recovery; Company Performance; Cross-Functional; Organizational Resilience

5 Business Continuity Management
Why Listen to This Talk?
- As a Manager – How Do I Ensure Timely Delivery of Product & Services?
- As an Employee – Where Do I Fit? How Can I Contribute?
- In Between Jobs? – New Discipline, Founded in IT – BUT Broader
Business Continuity Management will:
- Focus on Business Activities
- Identify WHICH Vulnerabilities Must Be Addressed – Not ALL
- Analyze How Value is Created and Maintained in an Organization
- Be a Discipline That Does NOT Go Away
  - Business Evolves
  - Company Organizations Change
  - Technology Accelerates Work Processes
  - Customers Migrate
  - Products are Added, Improved and/or Die
- Emphasize the Need for Resilience in Business Processes
- Be Applicable to Any Company

6 Business Continuity
Evolution of Business Continuity
- 1970’s: Disaster Recovery Sites
  - DP / MIS – Tactical in Nature
  - Hard to justify significant investment – for an event you hope never happens
- 1980’s: Business Impact Analysis
  - Shift the focus to the ‘Impact on Business’
  - Broaden the scope to include business risks and operational interruptions
- 1990’s: Drop the Reference to ‘DR’
  - Rebrand to Business Continuity – more upbeat than recovery
  - Standards evolving - Skill sets coalescing – Certifications emerged
  - Y2K demonstrated dependence on single points of failure / single supplier
- 2000’s: Codifying BCM (Business Continuity Management)
  - Part of the “Family of Management Systems” standards
  - PAS56 in UK, NFPA 1600 in US, Handbooks in Australia and Asia
  - Regulators: FSA in UK, APRA in Australia, Federal Reserve in USA
  - Then 9/11 – Brought Business Continuity to the forefront
  - National Standards and ISO 22399

7 Business Continuity Objectives
Business Continuity Defined
- Business Continuity Management (BCM) is a holistic process that identifies potential threats to an organization and the impact to business operations that those threats, if realized, might cause.
- BCM provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of key stakeholders, organizational reputation, brand and value creating activities.
Objective: Sustain Operations Through Non-Specific, Uncontrolled Environmental Events
- Prepare for the impact of interruptions in Power, Flood, Storms, whatever …
- Ensure the survival of the organization, protect its assets and control financial loss
- Minimize losses TO customers and the loss OF customers
- Facilitate the resumption of operations
- Provide for the safety of personnel and public – before, during & after a disruption

8 Business Continuity Lifecycle Business Continuity Lifecycle – from Business Continuity Institute

9 Transformational Consulting
Business Continuity
Disaster Recovery is an IT Process
Business Continuity Protects the Business
- BIA – Business Impact Analysis
  - Assesses Time-Critical Processes Across the Organization
  - Determines RTO / RPO for Each Process
  - Ranks the Processes by Urgency
  - Defines the Prioritized Recovery Path
- BCP – Business Continuity Plan
  - Strategic BCP – Sr. Management & Incident Management Team
  - Tactical BCP – Line Management for Delivery of Products & Services
  - Operational BCP – Staff level Execution of Specific Recovery Steps
Business Continuity provides the organization with the capability to continue to deliver the products & services essential to the existence of the firm.

10 Business Continuity Management – Lifecycle
BUSINESS CONTINUITY MANAGEMENT Program Progression:
- Understanding the Organization - Create the Policy & BIA
- Determining a BCM Strategy - Decide the “What, How, When”
- Developing & Implementing a BCM Response - Build the BCPs
- Exercise, Maintain & Review BCM
- BCM Program Management
- Embedding BCM in the Organization

11 Elements of the MASTER Business Continuity Plan

12 Elements Supporting the Business Continuity Plan

13 Hazard Matrix
- Defines the expected threats that could conceivably occur
- Projects probability of occurrence and severity to the organization
- Used by individual Departments to refine the threats they could experience in preparing their specific Continuity Recovery Plans.
Matrix columns: HAZARD; Likelihood Occurrence (Likely, Unlikely); SEVERITY (High, Medium, Low)
Hazards listed: Tornado; Flood; Air Crash; Structural Collapse; Disease Outbreak; Civil Disorder; Train Accident; Utility Failure; Power Failure; Telecomm Failure; Major Fire; Extreme Weather; Terrorist Threat; Hazmat; Earthquake; Active Shooter; Public Assembly Emerg; Hostage Situation

14 BIA – Business Impact Analysis
Factors In Calculating Impact
- Value of the Asset (Function)
- Overall Impact if Asset is Lost
- Tangible Impact
  - Reduced Productivity
  - Increased Expense
  - Delay in Collecting $
  - Reduced Income
  - Fines / Penalties
  - Loss of Information
- Intangible Impact
  - Loss in Reputation
  - Loss in Trust
  - Public Safety
  - Regulatory
  - Competitive Edge
- Compute Criticality [1-100]
- Sort to Arrive at Critical Path
- Top 10 Processes
Score Each Process: Critical, High, Medium, Low

15 Elements Supporting the Business Continuity Plan

16 Tactical Continuity Recovery Plans
Department Continuity Recovery Plan - SAMPLE
- Evacuation and Fire Safety Plan
- Incident task list to follow
- Instructions on communications in crisis
- Emergency GO-BELT makeup
- Building Wardens
- Building Evacuation Diagram
- Department Staff Call List
- Emergency Services Contact List
- Alternate locations & staff assignments
- Critical tasks to execute & task timing
- Contact list for Key team members
- Contact list for Key customers (optional)
- Essential equipment list & software list
- Supplies list
- Vendors list
- Vital records list

17 Elements Supporting the Business Continuity Plan

18 Allocation of Departments Across Alternate Sites
Conducted Physical Inspection & Assessment
Inspected Remote Sites
- Power Reliability
- Availability of Generator
- Distance From Corporate
- Distance From Operations
- Bathrooms / Kitchen
- Flooding or Septic Issues
- Hotels Nearby
- Food Stores Nearby
- Parking available
- Mass Transit Nearby
- Tables / Chairs
- # People Accommodated
- Technology In Place

19 Allocation of Departments Across Alternate Sites
Allocated Departments to Alternate Sites
- Departments Across the TOP – Facilities DOWN the Side
- Staff Size: Normal / Emergency – Home Location
- Primary Alternate Site w/ People Count – Secondary & Tertiary Site Choices
- Requisite Upgrades of Technology Noted
- Total Counts – PRIMARY, SECONDARY, TERTIARY Usage (not shown)

20 Applications Per Department
Inventory Applications Used by Each Department
- Usage Level – High, Medium, Low
- Client / Server or Web Based
- Application Name
- Departments Used
- How to Make the Application Available

21 Elements Supporting the Business Continuity Plan

22 Business Continuity Management – Lifecycle
First Iteration of BCM
- Understanding the Organization - Create the Policy & BIA
- Determining a BCM Strategy - Decide the “What, How, When”
- Developing & Implementing a BCM Response - Build the BCPs
- Exercise, Maintain & Review BCM
- BCM Program Management
- Embedding BCM in the Organization
INITIAL BC PROJECT OBJECTIVE: Complete a Full BCM Lifecycle
Each Step Builds on Previous

23 Business Continuity Maturity Model
Awareness & Effectiveness Increase with Each Iteration
[Figure: maturity model with axes AWARENESS and EFFECTIVENESS]
- Improve the Organization’s Capability to Deliver Products & Services
- Improve Organizational Resilience

24 Embedding Business Continuity In the Organization
GOALS
- Ensure All Information in the Plan is Verified
- Ensure All Plans are Rehearsed
- Ensure All Relevant Personnel are Exercised
BCM Maturity
- Strive to Embed Business Continuity in the Organization
- Awareness Initiatives
- Specialized Training
- Exercises – Table Top & Full Rehearsals
- Make BCM inherent in the Organization’s Normal Management Processes
After the Initial Iteration [End of Year 1]
- Review BIAs for Changes in Assumptions
- Update Department CRPs for Alternate Locations, Department Coordinators, etc.
- Revisit Dynamic Data in Departmental Documents
- Verify Status of Lessons Learned from Past Events

25 Embedding Business Continuity In the Organization
AWARENESS INITIATIVE
- Ensure Each Department Is Oriented to Business Continuity
- Identify 15 Metrics Reflecting – BCM Awareness & BCM Effectiveness
- Attributes from Business Continuity Institute’s Good Practice Guidelines
Metric 1: Does Staff know where to go?
Metric 2: Does the Staff know what Tools to use?
Metric 3: Know what tasks are time-critical?
Metric 4: How to notify Next-of-Kin?
Metric 5: Incorporate BCP into Process Change?
Metric 6: Build BCP into Job Desc / Perf Appraisal?
Metric 7: Outstanding items from previous events?
Metric 8: Contact Counseling during Emergency?
Metric 9: Arranging for TEMP Accommodations?
Metric 10: Dealing w/ Special Needs in Event?
Metric 11: Do they Have Updated Dynamic Data?
Metric 12: Extra Copies of Dept Recovery Plan?
Metric 13: Review BIA for Change in Assumptions?
Metric 14: Have they Considered "Sustainable" levels?
Metric 15: Have they Engaged 3rd Parties in Exercises?

26 Embedding Business Continuity In the Organization
AWARENESS INITIATIVE
- Met with Each Department – Reviewed Awareness Attributes
- Scale of 0 – 75 Graphed as -37 to +37

27 Embedding Business Continuity In the Organization

28 EXERCISING THE BCP
- A BCP Cannot be Considered Reliable - Until it is Exercised
- Objectives:
  - Develop Competence within the Staff
  - Instill Confidence in their Ability to Execute
  - Impart Knowledge Essential in Time of Crisis
- Focus on MAXIMUM Benefit of Exercise, MINIMUM Disruption to Business
- Types of Exercises
  - Table Top Simulations
  - Full Rehearsals (Evacuate the Building)
Real-Life Exercise Example

29 Business Continuity Maturity Preparedness Ensured Responsibilities Clearly Assigned BCM Documentation Current Embedding BCM Program in the Organization Activities Able to be Monitored Program Managed Effectively Engage Supply Chain In BC Exercise Continuous Improvement BCM throughout the Organization Demonstrate Effectiveness in Audit

30 QUESTIONS Build and Use Your Business Continuity Plan
